Adjust exp argument to the duration

Author: ajanikow

auth.go

@@ -26,6 +26,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"strings"
+	"time"
 
 	"github.com/spf13/cobra"
 
@@ -34,9 +35,10 @@ import (
 
 var (
 	cmdAuth = &cobra.Command{
-		Use:   "auth",
-		Short: "ArangoDB authentication helper commands",
-		Run:   cmdShowUsage,
+		Use:               "auth",
+		Short:             "ArangoDB authentication helper commands",
+		PersistentPreRunE: persistentAuthPreFunE,
+		Run:               cmdShowUsage,
 	}
 	cmdAuthHeader = &cobra.Command{
 		Use:   "header",
@@ -52,7 +54,8 @@ var (
 		jwtSecretFile string
 		user          string
 		paths         []string
-                exp           int64
+		exp           string
+		expDuration   time.Duration
 	}
 )
 
@@ -65,7 +68,7 @@ func init() {
 	pf.StringVar(&authOptions.jwtSecretFile, "auth.jwt-secret", "", "name of a plain text file containing a JWT secret used for server authentication")
 	pf.StringVar(&authOptions.user, "auth.user", "", "name of a user to authenticate as. If empty, 'super-user' authentication is used")
 	pf.StringSliceVar(&authOptions.paths, "auth.paths", nil, "a list of allowed pathes. The path must not include the '_db/DBNAME' prefix.")
-	pf.Int64Var(&authOptions.exp, "auth.exp", 0, "an expiry date in seconds since epoche")
+	pf.StringVar(&authOptions.exp, "auth.exp", "", "a time in which token should expire - based on current time in UTC. Supported units: h, m, s (default)")
 }
 
 // mustAuthCreateJWTToken creates a the JWT token based on authentication options.
@@ -81,7 +84,7 @@ func mustAuthCreateJWTToken() string {
 		log.Fatal().Err(err).Msgf("Failed to read JWT secret file '%s'", authOptions.jwtSecretFile)
 	}
 	jwtSecret := strings.TrimSpace(string(content))
-	token, err := service.CreateJwtToken(jwtSecret, authOptions.user, "", authOptions.paths, authOptions.exp)
+	token, err := service.CreateJwtToken(jwtSecret, authOptions.user, "", authOptions.paths, authOptions.expDuration)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Failed to create JWT token")
 	}
@@ -99,3 +102,40 @@ func cmdAuthTokenRun(cmd *cobra.Command, args []string) {
 	token := mustAuthCreateJWTToken()
 	fmt.Println(token)
 }
+
+func persistentAuthPreFunE(cmd *cobra.Command, args []string) error {
+	cmdMain.PersistentPreRun(cmd, args)
+
+	if authOptions.exp != "" {
+		d, err := durationParser(authOptions.exp, "s")
+		if err != nil {
+			return err
+		}
+
+		if d < 0 {
+			return fmt.Errorf("negative duration under --auth.exp is not allowed")
+		}
+
+		authOptions.expDuration = d
+	}
+
+	return nil
+}
+
+func durationParser(duration string, defaultUnit string) (time.Duration, error) {
+	if d, err := time.ParseDuration(duration); err == nil {
+		return d, nil
+	} else {
+		if !strings.HasPrefix(err.Error(), "time: missing unit in duration ") {
+			return 0, err
+		}
+
+		duration = fmt.Sprintf("%s%s", duration, defaultUnit)
+
+		if d, err := time.ParseDuration(duration); err == nil {
+			return d, nil
+		} else {
+			return 0, err
+		}
+	}
+}

auth_test.go

@@ -0,0 +1,47 @@
+//
+// DISCLAIMER
+//
+// Copyright 2021 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Adam Janikowski
+//
+
+package main
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func parseDuration(t *testing.T, in, out string) {
+	t.Run(in, func(t *testing.T) {
+		v, err := durationParser(in, "s")
+		require.NoError(t, err)
+
+		s := v.String()
+
+		require.Equal(t, out, s)
+	})
+}
+
+func Test_Auth_DurationTest(t *testing.T) {
+	parseDuration(t, "5", "5s")
+	parseDuration(t, "5s", "5s")
+	parseDuration(t, "5m", "5m0s")
+	parseDuration(t, "5h", "5h0m0s")
+}

go.mod

@@ -29,6 +29,7 @@ require (
 	github.com/ryanuber/columnize v2.1.0+incompatible
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/pflag v1.0.5
+	github.com/stretchr/testify v1.5.1
 	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect
 	github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 // indirect
 	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9

service/authentication.go

@@ -24,6 +24,7 @@ package service
 
 import (
 	"net/http"
+	"time"
 
 	jwt "github.com/dgrijalva/jwt-go"
 )
@@ -35,12 +36,12 @@ const (
 
 // CreateJwtToken calculates a JWT authorization token based on the given secret.
 // If the secret is empty, an empty token is returned.
-func CreateJwtToken(jwtSecret, user string, serverId string, paths []string, exp int64) (string, error) {
+func CreateJwtToken(jwtSecret, user string, serverId string, paths []string, exp time.Duration) (string, error) {
 	if jwtSecret == "" {
 		return "", nil
 	}
-        if serverId == "" {
-	        serverId = "foo"
+	if serverId == "" {
+		serverId = "foo"
 	}
 
 	// Create a new token object, specifying signing method and the claims
@@ -56,7 +57,7 @@ func CreateJwtToken(jwtSecret, user string, serverId string, paths []string, exp
 		claims["allowed_paths"] = paths
 	}
 	if exp > 0 {
-		claims["exp"] = exp
+		claims["exp"] = time.Now().UTC().Add(exp).Unix()
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)